333 matches found

Tenable Nessus
added 2025/08/27 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2024-13903

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JS_GetRuntime of...

CVSS 7.5 · AI score 4.6 · EPSS 0.00172
Exploits: 1 · References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-48183

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval. CVE-2023-48183 Note that Nessu...

CVSS 7.5 · AI score 7.3 · EPSS 0.00066
Exploits: 1 · References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2023-48184

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures. CVE-2023-48184 Not...

CVSS 3.9 · AI score 7.4 · EPSS 0.00026
Exploits: 1 · References: 2

RedhatCVE
added 2025/05/23 10:20 a.m. · 4 views

CVE-2024-33263

QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c...

CVSS 4 · AI score 7.2 · EPSS 0.00029
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 4:15 a.m. · 2 views

CVE-2023-48184

QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures...

CVSS 3.9 · AI score 6.9 · EPSS 0.00026
Exploits: 1

RedhatCVE
added 2025/05/23 3:47 a.m. · 5 views

CVE-2023-31922

QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c...

CVSS 7.5 · AI score 7.3 · EPSS 0.00348
Exploits: 1 · References: 1

Positive Technologies
added 2025/05/23 12:0 a.m. · 3 views

PT-2025-23445 · Oss Fuzz · Quickjs

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=419346940 Crash type: Use-of-uninitialized-value Crash state: JS_FreeRuntime fuzz_eval.c async_func_init...

AI score 7.3
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 3:55 p.m. · 2 views

CVE-2020-22876

Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote attackers to cause denial of service. This issue is resolved in the 2020-07-05 release...

CVSS 7.5 · AI score 6.9 · EPSS 0.00839
Exploits: 1

Positive Technologies
added 2025/05/10 12:0 a.m. · 3 views

PT-2025-21907 · Git +1 · Quickjs

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The software suffers from a use-of-uninitialized-value issue. The crash state involves JS_FreeRuntime, occurring within fuzz_eval.c during async_func_init...

AI score 6.9
Exploits: 0 · References: 2

Positive Technologies
added 2025/05/09 12:0 a.m. · 3 views

PT-2025-21905 · Git +1 · Quickjs

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The software suffers from a heap-buffer-overflow read issue. The crash occurs during JS_CallInternal, JS_EvalFunctionInternal, and JS_EvalInternal function...

AI score 6.8
Exploits: 0 · References: 2

Positive Technologies
added 2025/05/05 12:0 a.m. · 3 views

PT-2025-20244 · Git +1 · Quickjs

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The software suffers from a heap-use-after-free WRITE 8 condition. The crash state involves the following functions: JS_FreeValueRT, JS_CallInternal, and JS...

AI score 6.9
Exploits: 0 · References: 2

NVD
added 2025/04/27 8:15 p.m. · 14 views

CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVSS 8.4 · EPSS 0.0009
Exploits: 1 · References: 6

OSV
added 2025/04/27 8:15 p.m. · 6 views

CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVSS 7.8 · AI score 5.6
Exploits: 0 · References: 6

OSV
added 2025/04/27 8:15 p.m. · 2 views

DEBIAN-CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVSS 7.8 · AI score 6.2 · EPSS 0.00095
Exploits: 1 · References: 1

NVD
added 2025/04/27 8:15 p.m. · 12 views

CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVSS 7.8 · EPSS 0.00095
Exploits: 1 · References: 6

OSV
added 2025/04/27 8:15 p.m. · 8 views

CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVSS 8.4 · AI score 5.6
Exploits: 0 · References: 6

OSV
added 2025/04/27 8:15 p.m. · 2 views

DEBIAN-CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVSS 8.4 · AI score 6.2 · EPSS 0.0009
Exploits: 1 · References: 1

OSV
added 2025/04/27 8:15 p.m. · 1 views

UBUNTU-CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVSS 8.4 · AI score 6.1 · EPSS 0.0009
Exploits: 1 · References: 8

OSV
added 2025/04/27 8:15 p.m. · 1 views

UBUNTU-CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVSS 7.8 · AI score 6.5 · EPSS 0.00095
Exploits: 1 · References: 8

Snyk
added 2025/04/27 7:44 p.m. · 1 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to a missing length check in the JS_ReadString function. Remediation: A fix was pushed into the master branch but not yet published. References: - GitHub Commit - GitHub Commit - GitHub Issue - GitHub Issue -...

CVSS 7.8 · AI score 6.8 · EPSS 0.00095
Exploits: 1 · References: 2